Total
9311 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | |||||
| CVE-2020-21180 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signup page. | |||||
| CVE-2020-21179 | 1 Koa2-blog Project | 1 Koa2-blog | 2021-02-02 | 7.5 HIGH | 9.8 CRITICAL |
| Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers to Injecting a malicious SQL statement via the name parameter to the signin page. | |||||
| CVE-2020-35270 | 1 Student Result Management System Project | 1 Student Result Management System | 2021-02-01 | 6.4 MEDIUM | 9.1 CRITICAL |
| Student Result Management System In PHP With Source Code is affected by SQL injection. An attacker can able to access of Admin Panel and manage every account of Result. | |||||
| CVE-2018-7318 | 2 Belitsoft, Oracle | 2 Checklist, Data Integrator | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter. | |||||
| CVE-2017-5611 | 3 Debian, Oracle, Wordpress | 3 Debian Linux, Data Integrator, Wordpress | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in wp-includes/class-wp-query.php in WP_Query in WordPress before 4.7.2 allows remote attackers to execute arbitrary SQL commands by leveraging the presence of an affected plugin or theme that mishandles a crafted post type name. | |||||
| CVE-2018-9019 | 2 Dolibarr, Oracle | 2 Dolibarr, Data Integrator | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. | |||||
| CVE-2021-3286 | 1 Spotweb Project | 1 Spotweb | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection exists in Spotweb 1.4.9 because the notAllowedCommands protection mechanism is inadequate, e.g., a variation of the payload may be used. NOTE: this issue exists because of an incomplete fix for CVE-2020-35545. | |||||
| CVE-2020-23262 | 1 Mingsoft | 1 Mcms | 2021-01-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in ming-soft MCMS v5.0, where a malicious user can exploit SQL injection without logging in through /mcms/view.do. | |||||
| CVE-2021-1355 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2021-01-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1364 | 1 Cisco | 2 Unified Communications Manager, Unified Communications Manager Im And Presence Service | 2021-01-29 | 4.0 MEDIUM | 4.9 MEDIUM |
| Multiple vulnerabilities in Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an attacker to conduct path traversal attacks and SQL injection attacks on an affected system. One of the SQL injection vulnerabilities that affects Unified CM IM&P also affects Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) and could allow an attacker to conduct SQL injection attacks on an affected system. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-22847 | 1 Hyweb | 1 Hycms-j1 | 2021-01-28 | 6.5 MEDIUM | 8.8 HIGH |
| Hyweb HyCMS-J1's API fail to filter POST request parameters. Remote attackers can inject SQL syntax and execute commands without privilege. | |||||
| CVE-2021-1222 | 1 Cisco | 1 Smart Software Manager On-prem | 2021-01-28 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the web-based management interface of Cisco Smart Software Manager Satellite could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates values within SQL queries. An attacker could exploit this vulnerability by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. | |||||
| CVE-2021-1225 | 1 Cisco | 1 Sd-wan Vmanage | 2021-01-27 | 6.4 MEDIUM | 9.1 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to conduct SQL injection attacks on an affected system. These vulnerabilities exist because the web-based management interface improperly validates values in SQL queries. An attacker could exploit these vulnerabilities by authenticating to the application and sending malicious SQL queries to an affected system. A successful exploit could allow the attacker to modify values on or return values from the underlying database or the operating system. | |||||
| CVE-2021-1248 | 1 Cisco | 1 Data Center Network Manager | 2021-01-27 | 6.5 MEDIUM | 7.2 HIGH |
| Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1247 | 1 Cisco | 1 Data Center Network Manager | 2021-01-27 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to execute arbitrary SQL commands on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-3110 | 1 Prestashop | 1 Prestashop | 2021-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| The store system in PrestaShop 1.7.7.0 allows time-based boolean SQL injection via the module=productcomments controller=CommentGrade id_products[] parameter. | |||||
| CVE-2020-4921 | 2 Ibm, Linux | 2 Security Guardium, Linux Kernel | 2021-01-22 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 191398. | |||||
| CVE-2021-22852 | 1 Hgiga | 1 Oaklouds Openid | 2021-01-22 | 6.5 MEDIUM | 8.8 HIGH |
| HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (online registration) to obtain database schema and data. | |||||
| CVE-2021-22851 | 1 Hgiga | 1 Oaklouds Openid | 2021-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| HGiga EIP product contains SQL Injection vulnerability. Attackers can inject SQL commands into specific URL parameter (document management page) to obtain database schema and data. | |||||